For many public companies, implementing the requirements of Section 404 of the Sarbanes-Oxley Act (SOX) has proven to be a daunting, time consuming and expensive task. It requires an evaluation of the risks specific to a company's unique operating environment, and then the implementation of efficient controls designed to leverage management's skills to control those risks.

The need for strong internal controls is not limited to public companies, however. Effective internal controls provide all management teams with repeatable and reliable information tools that allow them to identify, manage, and mitigate risk on an ongoing basis. Designed appropriately, a strong internal control environment supports growth and helps every organization, whether public, private, nonprofit, or government, operate more effectively. 

BPM has helped numerous public company clients acquire a thorough understanding of the technical and reporting requirements of federal requirements, allowing them to implement effective internal control environments and achieve successful implementation. We use that experience and knowledge with our private and nonprofit clients as well, providing them with pragmatic, practical options, scalable to each of their unique operating environments. Organizations that control risk and have reliable information available to them make better decisions and have fewer surprises. 


Mark Leverette, CPA
Partner, Assurance
Real Estate Industry Group Co-leader

ISO 27001